DOCSLIB.ORG

Java's Insecure Parallelism

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Java's Insecure Parallelism Syracuse University SURFACE College of Engineering and Computer Science - Former Departments, Centers, Institutes and College of Engineering and Computer Science Projects 1999 Java’s insecure parallelism Per Brinch Hansen Syracuse University, School of Computer and Information Science, [email protected] Follow this and additional works at: https://surface.syr.edu/lcsmith_other Part of the Programming Languages and Compilers Commons Recommended Citation Hansen, Per Brinch, "Java’s insecure parallelism" (1999). College of Engineering and Computer Science - Former Departments, Centers, Institutes and Projects. 11. https://surface.syr.edu/lcsmith_other/11 This Article is brought to you for free and open access by the College of Engineering and Computer Science at SURFACE. It has been accepted for inclusion in College of Engineering and Computer Science - Former Departments, Centers, Institutes and Projects by an authorized administrator of SURFACE. For more information, please contact [email protected]. Java's Insecure Parallelism PER BRINCH HANSEN Syracuse University, 2-175 CST, Syracuse, NY 13244 pb h @top. cis. syr. edu Abstract: The author examines the synchronization features of Java and finds that they are insecure variants of his earliest ideas in parallel programming published in 1972-73. The claim that Java supports monitors is shown to be false. The author concludes that Java ignores the last twenty-five years of research in parallel programming languages. Zeywords: programming languages; parallel programming; monitors; security; Java; We must expect posterity to view with some asperity the marvels and the wonders we're passing on to it; but it should change its attitude to one of heartfelt gratitude when thinking of the blunders we didn't quite commit. Pier Hein (1966) 1. PLATFORM-INDEPENDENT PARALLEL PROGRAMMING Java has resurrected the well-known idea of platform-independent parallel program- ming. In this paper I examine the synchronization features of Java to discover their origin and determine if they live up to the standards set by the invention of monitors and Concurrent Pascal a quarter of a century ago. In the 1970s my students and I demonstrated that it is possible to write nontriv- ial parallel programs exclusively in a secure language that supports monitors. The milestones of this work were: • The idea of associating explicit queues with monitors [Brinch Hansen 1972]. • A class notation for monitors [Brinch Hansen 1973]. • A monitor language, Concurrent Pascal [Brinch Hansen 1975a]. • A portable compiler that generated platform-independent parallel code [Hart- mann 1975]. • A portable interpreter that ran platform-independent parallel code on a wide variety of computers [Brinch Hansen 1975b]. ACM SIGPLAN Notices 38 V. 34(4) April 1999 • A portable operating system, Solo, written in Concurrent Pascal [Brinch Hansen 197G]. • A book on abstract parallel programming [Brinch Hansen 1977]. Monitors and Concurrent Pascal inspired other researchers to develop monitor vari- ants [Hoare 1974a] and more than a dozen monitor languages, including Modula [Wirth 1977], Pascal Plus [Welsh 1979], and Mesa [Lampson 1980]. The portable implemen- tation of Concurrent Pascal was widely distributed and used on a variety of computers ranging from mainframes to microcomputers [Brinch Hansen 1993b]. 2. SECURITY AGAINST INTERFERENCE Hoare [1974b] introduced the essential requirement that a programming language must be secure in the following sense: The language should enable a compiler and its run- time system to detect as many cases as possible in which the language concepts break down and produce meaningless results.1 For a parallel programming language the most important security measure is to check that processes access disjoint sets of variables only and do not interfere with each other in time-dependent ways. The Concurrent Pascal compiler checked that every process and monitor only re- ferred to its own variables; that processes interacted through monitor procedures only; and that processes did not deadlock by calling monitors recursively (either directly or indirectly). The Concurrent Pascal interpreter ensured mutual exclusion of all operations on the variables of any process or monitor. It even made it impossible for a process and a peripheral device to access the same variable simultaneously. Unless the parallel features of a programming language are secure in this sense, the effect of a parallel program is generally both unpredictable and time-dependent and is therefore meaningless. This does not necessarily prevent you from writing correct parallel programs. It does, however, force you to use a low-level, error-prone notation that precludes effective error checking during compilation and execution. From the beginning, Hoare and I recommended extensive compile-time checking of modular parallel programs as an effective way of preventing most time-dependent errors. However, by 1991 Hoare sadly concluded that "a subsequent generation has lost that understanding." If you are unfamiliar with the rationale for interference control, you should study the history of the field from 1971-75. I see no point in repeating what I carefully explained and published decades ago. The reliability of this programming approach has been amply demonstrated in practice. 1This definition of security differs somewhat from its usual meaning of "the ability of a system to withstand attacks from adversaries" [Naur 1974]. 39 3. SHARED CLASSES My operating systems book [Brinch Hansen 1973] introduced the first programming notation for monitors, shared classes, based on a restricted form of the class concept of Simula 67 [Dahl 1972]. The book includes the bounded buffer shown in Fig. 1. (I have replaced my original Pascal notation with Java syntax.) shared class B { int max = i0, p, c, full; int[] buffer = new int[max]; public void send(Jut m) < await (full < max); buffer[p] = m; p = (p + I) ~ max; full = full + I; } public int receive() { await (full > 0); int m = buffer[c]; c = (c + I) ~ max; full = full - i; return m; } public B() < p = O; c = O; full = O; } } Figure 1 A shared class with await statements (1973). This notation introduces a class of message buffers of the same type B. Each buffer may be shared by parallel threads. The buffer concept is defined in terms of its data representation, the possible operations on it, and its initialization. In Java terminology these class components are known as the instance variables, synchronized methods, and the constructor of a buffer. A buffer instance b of type B is declared and used as follows by parallel threads: B b; b.send(5); int x = b.receive(); For a particular class instance b~ the following restrictions apply: • The instance variables are private to the class instance and can only be accessed within the class. • The synchronized methods are executed strictly one at a time as critical regions on the instance variables. Hoare [1972] had introduced the concept of a conditional critical region that is delayed until a shared data structure satisfies a Boolean condition. In a shared class, 40 I expressed the same idea by means of an await statement, which can occur anywhere within a critical region [Brinch Hansen 1972]. 4. EXPLICIT QUEUES At the time I was concerned about the inefficiency of conditional critical regions which retest Boolean conditions repeatedly until they are true. As an alternative I decided to let the programmer control the frequency with which scheduling expressions are reeval- uated. I did this by associating explicit queues with shared variables. Critical regions can delay calling processes in these queues and resume them later [Brinch Hansen 1972]. shared class B { int max = 10, p, c, full; iut[] buffer = new int[max]; event e; public void send(int m) { while (full == max) await(e); buffer[p] = m; p = (p + 1) Y. max; full = full + I; cause (e) ; } public int receive() { while (full =--0) await(e); int m = buffer[c]; c = (c + 1) Z max; full = full - 1; cause (e) ; return m ; } public B() { p = O; c = O; full = O; } } Figure 2 A shared class with an explicit queue (1972). Figure 2 illustrates this idea. The buffer class is extended with a single queue variable e of type event. Every synchronized method now begins with a waiting loop of the form while (!condition) await (e) ; and ends with the statement cause(e). The await operation makes a process leave its critical region and enter the queue e. The cause operation enables all processes in the queue e to eventually reenter their critical regions one at a time. The programmer can control the scheduling of processes to any degree desired by associating each queue with a group of similar processes or an individual process. 41 Since every instance of a Java class uses a single queue only, I have imposed the same restriction on Fig. 2. The key idea is that the queuing operations automatically maintain mutual exclu- sion of all access to monitor variables during the evaluation of scheduling conditions. Since my proposal was completely unrelated to the unpredictable event queues of the 1960s, I will call them explicit queues in this paper. All subsequent monitor proposals were based on minor variations of the same ideas: A monitor is essentially a shared class with explicit queues. 5. SYNCHRONIZED JAVA METHODS Only trivial changes are required to turn the shared class (Fig.2) into a correct Java class (Fig.3): • The class is no longer declared as shared. • The instance variables are declared as private. • The class methods are declared as synchronized methods that may cause a run-time Exception. • The queue variable e is replaced by a single anonymous queue. • The scheduling methods, await and cause are renamed wait and notifyAll. I remark in passing that I have no idea what general meaning the Java designers ascribe to a "critical region" that can be interrupted by exceptions (even if it includes an exception handler). A comparison of Figs. 1-3 makes it clear that a Java class with synchronized methods, waiting loops and notifyAll statements is a variant of my earliest ideas in parallel programming: the shared class and scheduling queues, published in 1972-73.
Load more

Recommended publications
  • The Programming Language Concurrent Pascal
    IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, VOL. SE-I, No.2, JUNE 1975 199 The Programming Language Concurrent Pascal PER BRINCH HANSEN Abstract-The paper describes a new programming language Disk buffer for structured programming of computer operating systems. It e.lt­ tends the sequential programming language Pascal with concurx:~t programming tools called processes and monitors. Section I eltplains these concepts informally by means of pictures illustrating a hier­ archical design of a simple spooling system. Section II uses the same enmple to introduce the language notation. The main contribu~on of Concurrent Pascal is to extend the monitor concept with an .ex­ Producer process Consumer process plicit hierarchy Of access' rights to shared data structures that can Fig. 1. Process communication. be stated in the program text and checked by a compiler. Index Terms-Abstract data types, access rights, classes, con­ current processes, concurrent programming languages, hierarchical operating systems, monitors, scheduling, structured multiprogram­ ming. Access rights Private data Sequential 1. THE PURPOSE OF CONCURRENT PASCAL program A. Background Fig. 2. Process. INCE 1972 I have been working on a new programming .. language for structured programming of computer S The next picture shows a process component in more operating systems. This language is called Concurrent detail (Fig. 2). Pascal. It extends the sequential programming language A process consists of a private data structure and a Pascal with concurrent programming tools called processes sequential program that can operate on the data. One and monitors [1J-[3]' process cannot operate on the private data of another This is an informal description of Concurrent Pascal.
    [Show full text]
  • The Programmer As a Young Dog
    The Programmer as a Young Dog (1976) This autobiographical sketch describes the beginning of the author’s career at the Danish computer company Regnecentralen from 1963 to 1970. (The title is inspired by James Joyce’s “A Portrait of the Artist as a Young Man” and Dylan Thomas’s “Portrait of the Artist as a Young Dog.”) After three years in Regnecentralen’s compiler group, the author got the chance to design the architecture of the RC 4000 computer. In 1967, he became Head of the Software Development group that designed the RC 4000 multiprogramming system. The article was written in memory of Niels Ivar Bech, the dynamic director of Regnecentralen, who inspired a generation of young Danes to make unique contributions to computing. I came to Regnecentralen in 1963 to work with Peter Naur and Jrn Jensen. The two of them worked so closely together that they hardly needed to say anything to solve a problem. I remember a discussion where Peter was writing something on the blackboard, when Jrn suddenly said “but Peter ...” and immediately was interrupted with the reply “yes, of course, Jrn.” I swear that nothing else was said. It made quite an impression on me, especially since I didn’t even know what the discussion was about in the rst place. After a two-year apprenticeship as a systems programmer, I wanted to travel abroad and work for IBM in Winchester in Southern England. At that time Henning Isaksson was planning to build a process control computer for Haldor Topse, Ltd. Henning had asked Niels Ivar Bech for a systems programmer for quite some time.
    [Show full text]
  • Part Iii Harnessing Parallelism
    PART III HARNESSING PARALLELISM The primary impetus behind the study of parallel programming, or concurrent programming as some would call it, was the necessity to write operating systems. While the first computers were simple enough to be considered sequential in nature, the advent of faster central processing units and the accompanying discrepancy in speed between the central processor and periph­ eral devices forced the consideration of possible concurrent activity of these mechanisms. The operating system was asked to control concurrent activity, and to control it in such a way that concurrent activity was maximized This desire for concurrent activity resulted in machine features such as the channel and the interrupt-the mechanism by which termination of an I/O activity is signaled The main problem with the interrupt, as far as the operating system designer was concerned, was its inherent unpredictability. Not knowing exactly when an interrupt could occur, the operating system had to be designed to expect an interrupt at any time. With the advent of multiprogramming and interactive, on-line processing, it became clear that the original motivation for parallelism-the control and exploitation of concurrent I/O-was only a special case, and some fundamen­ tal concepts began to emerge for study and use in more general parallel programming situations. Thus emerged the general idea of a set of processes executing concurrently, with the need for synchronization and mutual exclu­ sion (with respect to time) of some of their activities. The past 10-15 years have seen an enormous amount of activity in studying the general problem, a very small part of which is presented here.
    [Show full text]
  • A Programmer's Story. the Life of a Computer Pioneer
    A PROGRAMMER’S STORY The Life of a Computer Pioneer PER BRINCH HANSEN FOR CHARLES HAYDEN Copyright c 2004 by Per Brinch Hansen. All rights reserved. Per Brinch Hansen 5070 Pine Valley Drive, Fayetteville, NY 13066, USA CONTENTS Acknowledgments v 1 Learning to Read and Write 1938–57 1 Nobody ever writes two books – My parents – Hitler occupies Denmark – Talking in kindergarten – A visionary teacher – The class newspaper – “The topic” – An elite high school – Variety of teachers – Chemical experiments – Playing tennis with a champion – Listening to jazz – “Ulysses” and other novels. 2 Choosing a Career 1957–63 17 Advice from a professor – Technical University of Denmark – rsted’s inuence – Distant professors – Easter brew – Fired for being late – International exchange student – Masers and lasers – Radio talk — Graduation trip to Yugoslavia – An attractive tourist guide – Master of Science – Professional goals. 3 Learning from the Masters 1963–66 35 Regnecentralen – Algol 60 – Peter Naur and Jrn Jensen – Dask and Gier Algol – The mysterious Cobol 61 report – I join the compiler group – Playing roulette at Marienlyst resort – Jump- starting Siemens Cobol at Mogenstrup Inn – Negotiating salary – Compiler testing in Munich – Naur and Dijkstra smile in Stock- holm – The Cobol compiler is nished – Milena and I are married in Slovenia. 4 Young Man in a Hurr 1966–70 59 Naur’s vision of datalogy – Architect of the RC 4000 computer – Programming a real-time system – Working with Henning Isaks- son, Peter Kraft, and Charles Simonyi – Edsger Dijkstra’s inu- ence – Head of software development – Risking my future at Hotel Marina – The RC 4000 multiprogramming system – I meet Edsger Dijkstra, Niklaus Wirth, and Tony Hoare – The genius of Niels Ivar Bech.
    [Show full text]
  • Virtual Organization Clusters: Self-Provisioned Clouds on the Grid Michael Murphy Clemson University, [email protected]
    Clemson University TigerPrints All Dissertations Dissertations 5-2010 Virtual Organization Clusters: Self-Provisioned Clouds on the Grid Michael Murphy Clemson University, [email protected] Follow this and additional works at: https://tigerprints.clemson.edu/all_dissertations Part of the Computer Sciences Commons Recommended Citation Murphy, Michael, "Virtual Organization Clusters: Self-Provisioned Clouds on the Grid" (2010). All Dissertations. 511. https://tigerprints.clemson.edu/all_dissertations/511 This Dissertation is brought to you for free and open access by the Dissertations at TigerPrints. It has been accepted for inclusion in All Dissertations by an authorized administrator of TigerPrints. For more information, please contact [email protected]. Virtual Organization Clusters: Self-Provisioned Clouds on the Grid A Dissertation Presented to the Graduate School of Clemson University In Partial Fulfillment of the Requirements for the Degree Doctor of Philosophy Computer Science by Michael A. Murphy May 2010 Accepted by: Dr. Sebastien Goasguen, Committee Chair Dr. Jim Martin Dr. Walt Ligon Dr. Robert Geist Abstract Virtual Organization Clusters (VOCs) provide a novel architecture for overlaying dedicated cluster systems on existing grid infrastructures. VOCs provide customized, homogeneous execution environments on a per-Virtual Organization basis, without the cost of physical cluster construction or the overhead of per-job containers. Administrative access and overlay network capabilities are granted to Virtual Organizations (VOs) that choose to implement VOC technology, while the system remains completely transparent to end users and non-participating VOs. Unlike alternative systems that require explicit leases, VOCs are autonomically self-provisioned according to configurable usage policies. As a grid computing architecture, VOCs are designed to be technology agnostic and are implementable by any combination of software and services that follows the Virtual Organization Cluster Model.
    [Show full text]
  • Downloading from Naur's Website: 19
    1 2017.04.16 Accepted for publication in Nuncius Hamburgensis, Band 20. Preprint of invited paper for Gudrun Wolfschmidt's book: Vom Abakus zum Computer - Begleitbuch zur Ausstellung "Geschichte der Rechentechnik", 2015-2019 GIER: A Danish computer from 1961 with a role in the modern revolution of astronomy By Erik Høg, lektor emeritus, Niels Bohr Institute, Copenhagen Abstract: A Danish computer, GIER, from 1961 played a vital role in the development of a new method for astrometric measurement. This method, photon counting astrometry, ultimately led to two satellites with a significant role in the modern revolution of astronomy. A GIER was installed at the Hamburg Observatory in 1964 where it was used to implement the entirely new method for the meas- urement of stellar positions by means of a meridian circle, then the fundamental instrument of as- trometry. An expedition to Perth in Western Australia with the instrument and the computer was a suc- cess. This method was also implemented in space in the first ever astrometric satellite Hipparcos launched by ESA in 1989. The Hipparcos results published in 1997 revolutionized astrometry with an impact in all branches of astronomy from the solar system and stellar structure to cosmic distances and the dynamics of the Milky Way. In turn, the results paved the way for a successor, the one million times more powerful Gaia astrometry satellite launched by ESA in 2013. Preparations for a Gaia suc- cessor in twenty years are making progress. Zusammenfassung: Eine elektronische Rechenmaschine, GIER, von 1961 aus Dänischer Herkunft spielte eine vitale Rolle bei der Entwiklung einer neuen astrometrischen Messmethode.
    [Show full text]
  • A Secure Computing Platform for Building Automation Using Microkernel-Based Operating Systems Xiaolong Wang University of South Florida, [email protected]
    University of South Florida Scholar Commons Graduate Theses and Dissertations Graduate School November 2018 A Secure Computing Platform for Building Automation Using Microkernel-based Operating Systems Xiaolong Wang University of South Florida, [email protected] Follow this and additional works at: https://scholarcommons.usf.edu/etd Part of the Computer Sciences Commons Scholar Commons Citation Wang, Xiaolong, "A Secure Computing Platform for Building Automation Using Microkernel-based Operating Systems" (2018). Graduate Theses and Dissertations. https://scholarcommons.usf.edu/etd/7589 This Dissertation is brought to you for free and open access by the Graduate School at Scholar Commons. It has been accepted for inclusion in Graduate Theses and Dissertations by an authorized administrator of Scholar Commons. For more information, please contact [email protected]. A Secure Computing Platform for Building Automation Using Microkernel-based Operating Systems by Xiaolong Wang A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science and Engineering Department of Computer Science and Engineering College of Engineering University of South Florida Major Professor: Xinming Ou, Ph.D. Jarred Ligatti, Ph.D. Srinivas Katkoori, Ph.D. Nasir Ghani, Ph.D. Siva Raj Rajagopalan, Ph.D. Date of Approval: October 26, 2018 Keywords: System Security, Embedded System, Internet of Things, Cyber-Physical Systems Copyright © 2018, Xiaolong Wang DEDICATION In loving memory of my father, to my beloved, Blanka, and my family. Thank you for your love and support. ACKNOWLEDGMENTS First and foremost, I would like to thank my advisor, Dr. Xinming Ou for his guidance, encouragement, and unreserved support throughout my PhD journey.
    [Show full text]
  • Kernel Operating System
    International Journal of Advanced Technology in Engineering and Science www.ijates.com Volume No.02, Special Issue No. 01, September 2014 ISSN (online): 2348 – 7550 KERNEL OPERATING SYSTEM Manjeet Saini1, Abhishek Jain2, Ashish Chauhan3 Department Of Computer Science And Engineering, Dronacharya College Of Engineering Khentawas, Farrukh Nagar, Gurgaon, Haryana, (India) ABSTRACT The central module of an operating system (OS) is the Kernel. It is the part of the operating system that loads first, and it remains in main memory. It is necessary for the kernel to be very small while still providing all the essential services needed by other parts of the OS because it stays in the memory. To prevent kernel code from being overwritten by programs or other parts of the operating system it is loaded into a protected area of memory. The presence of an operating system kernel is not a necessity to run a computer. Directly loading and executing the programs on the "bare metal" machine is possible, provided that the program authors are willing to do without any OS support or hardware abstraction. Many video game consoles and embedded systems still constitute the “bare metal” approach. But in general, newer systems use kernels and operating systems. Keywords: Scalability, Multicore Processors, Message Passing I. INTRODUCTION In computing, the kernel is a computer program that manages input/output requests from software, and translates them into data processing instructions for the central processing unit and other electronic components of a computer. When a computer program (in this context called a process) makes requests of the kernel, the request is called a system call.
    [Show full text]
  • Teaching Computer Languages and Elementary Theory for Mixed Audiences at University Level
    Teaching computer languages and elementary theory for mixed audiences at university level Henning Christiansen Roskilde University, Computer Science Dept. P.O.Box 260, DK-4000 Roskilde, Denmark E-mail: [email protected] Abstract. Theoretical issues of computer science are traditionally taught in a way that presupposes a solid mathematical background and are usu- ally considered more or less unaccessible for students without this. An effective methodology is described which has been developed for a target group of university students with different backgrounds such as natural science or humanities. It has been developed for a course that integrates theoretical material on computer languages and abstract machines with practical programming techniques. Prolog used as meta-language for de- scribing language issues is the central instrument in the approach: Formal descriptions become running prototypes that are easy and appealing to test and modify, and can be extended into analyzers, interpreters, and tools such as tracers and debuggers. Experience shows a high learning curve, especially when the principles are extended into a learning-by- doing approach having the students to develop such descriptions them- selves from an informal introduction. 1 Introduction The advanced studies in Computer Science at Roskilde University are offered for students with a variety of different backgrounds such as natural science, hu- manities, and social science basic studies. A distinct characteristic at Roskilde is that 50% of the students’ work consists of project work which means that the nominal time for lectures in the advanced studies is rather small compared with most other universities and there is an obvious danger that the education may concentrate on practical and application oriented aspects without the penetra- tion of theoretical insight and understanding that is expected from a university degree.
    [Show full text]
  • The Solo Operating System the Solo Operating System
    PER BRINCH HANSEN Information Science California Institute of Technology July 1975 THE SOLO OPERATING SYSTEM THE SOLO OPERATING SYSTEM Per Brinch Hansen Information Sciencs California Institute of Technology Pasadena, California 91125 July 1975 This is a description of the Solo operating system written in the programming language Concurrent Pascal for the PDP 11/45 computer. It contains four papers entitled 1. The Solo operating system: A Concurrent Pascal program 2. The Solo operating system. Job interface 3. The Solo operating system: Processes, monitors, and classes 4, Disk scheduling at compile time The development of Concurrent Pascal and Solo has been supported by the National Science Foundation under grant number DCR74-17331 Copyright @ 1975 Par Brinch Hansen THE SOLO OPERATING SYSTEIYI. A CONCURRENT PASCAL PROGRAM Per Brinch Hansen Information Science California Institute of Technology Pasadena, California 91125 June 1975 Summary This is a description of the single-user operating system Solo written in the programming language Concurrent Pascal. It supports the development of sequential and concurrent Pascal programs for the PDP 11/45 computer. Input/output are handled by concurrent processes, Pascal programs can call one another recursively and pass arbitrary parameters among themselves. This makes it possible to use Pascal as a job control language. Solo is the first major example of a hierarchical concurrent program implemented in terms of abstract data types (classes, monitors, and processes) with compile-time control of most access rights. It is described here from the user's point of view as an introduction to anothsr paper describing its internal structure. Key Words and Phrases: Solo operating system, Concurrent Pascal, Job control, Input/output buffering, File system, Disk allocation, Operator communication, Size and performance.
    [Show full text]
  • Microkernel-Based and Capability-Based Operating Systems
    Microkernel-based and Capability-based Operating System Martin Děcký [email protected] March 2021 About the Speaker Charles University Research scientist at D3S (2008 – 2017) Graduated (Ph.D.) in 2015 Co-author of the HelenOS (http://www.helenos.org/) microkernel multiserver operating system Huawei Technologies Senior Research Engineer, Munich Research Center (2017 – 2018) Principal Research Engineer, Dresden Research Center (2019 – present) Martin Děcký, March 25th 2021 Microkernel-based and Capability-based Operating Systems 2 Sweden RC Finland RC UK RC Ireland RC Belgium RC Vancouver Edmonton Toronto Poland RC Ukraine RC Montreal France RC Ottawa Germany, Austria, Switzerland RC Israel RC Beijing Waterloo Italy RC Xi’an Nanjing Japan RC Chengdu Shanghai Wuhan Suzhou Songshanhu Hangzhou HQ Shenzhen India RC Edinburgh Tampere Stockholm Helsinki Cambridge Singapore RC Ipswich Goteburg London Lund Warsaw Leuven Dublin Dresden Nuremburg Kyiv Paris Zurich Munich City R&D Center Lagrange Vienna Grenoble Milan Related Country Research Center Nice Pisa City Research Center Tel Aviv Martin Děcký, March 25th 2021 Microkernel-based and Capability-based Operating Systems 3 Huawei Dresden Research Center (DRC) Since 2019, ~20 employees (plus a virtualization team in Munich) Martin Děcký, March 25th 2021 Microkernel-based and Capability-based Operating Systems 4 Huawei Dresden Research Center (DRC) (2) Focuses on R&D in the domain of operating systems Microkernels, hypervisors Collaboration with the OS Kernel Lab in Huawei HQ Collaboration with
    [Show full text]
  • Concurrent Pascal Machine Concurrent Pascal Machine
    PER BRINCH HANSEN Information Science California Institute of Technology October 1975 CONCURRENT PASCAL MACHINE CONCURRENT PASCAL MACHINE. STORE ALLOCATION Per Brinch Hansen Information Science California Institute of Technology Pasadena, California 91125 October 1975 Summary This describes the allocation of core store among the classes, monitors, and processes of a Concurrent Pascal program running on a PDP 11/45 computer. Key Words and Phrasesl Concurrent Pascal implementation, Virtual machine, Store allocation, PDP 11/45 computer. CR Categories I 4.2, 6.2 The development of Concurrent Pascal has been supported by the National Science Foundation under grant number DCR74-17331. Copyright ~ 1975 Per Brlnch Hansen CONCURRENT PASCAL MACHINE Per Brinch Hansen InforMation Science California Institute of Technology Pasadena. California 91125 October 1975 This is a description of the virtual machine that executes Concurrent Pascal programs on the PDP 11/45 computer. It contains four papers entitled. 1. Concurrent Pascal machine. store allocation 2. Concurrent Pascal machinel Code interpretation 3. Concurrent Pascal machine: Kernel 4. The Concurrent Pascal compiler The development of Concurrent Pascal has been supported by the National Science foundation under grant number DCR74-17331. Copyright ~ 1975 Per Brinch Hansen CONTENTS 1 • INTRODUCTION 1 2. CORE STORE 1 3. VIRTUAL STORE 3 4. DATA SEGMENTS 5 5. PERMANENT VARIABLES 6 6, TEMPORARY VARIABLES 7 7. COMPRomISES 8 REfERENCES 10 1. INTRODUCTION Concurrent Pascal is a programming language for structured programming of computer operating systems [1, 2]. The Concurrent Pascal compiler generates code for a virtual machine that can be simulated by microprogram or machine code on different computers [3] . This paper describes the allocation of core store among the processes of a Concurrent Pascal program running on a PDP 11/45 computer.
    [Show full text]